08-19-2015 05:12 AM - edited 03-13-2019 09:07 PM
Hi,
I've got a customer who is thinking about implementing a WebEx onPremise solution. Besides other things, there is already a Cisco TMS & VCS environment for video endpoints and Jabber Video for Telepresence. As this customer has a high security awareness, they don't want systems that communicate with public networks to have access to their central authentication system.
Therefore they are asking if it is possible to use Microsoft AD LDS instead of Microsoft Active Directory or some other LDAP service. As I couldn't find any useful information on this, perhaps there's someone here who could either tell me if that is supported or has something like this running successfully.
Kind regards,
Christian Darley
08-19-2015 08:11 PM
For CWMS on-prem you have the options below:
1) Manage/Authenticate users locally
2) Use LDAP/LDS but through CUCM. This means CUCM needs to be integrated with AD first. CWMS then integrates for directory to CUCM.
Ref: http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Administration_Guide/Administration_Guide/Administration_Guide_chapter_01101.html#task_DB0D271D6EB1459EB4DA269461E93B36
For configuring CUCM - AD LDS integration:
Ref: http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-communications-manager-version-80/111979-ucm-multi-forest-00.html
3) Third and the best option is SAML SSO.
This is the best of the three options from both a user experience and a security perspective (at least SSO adds another layer between the AD and the user).
This functionality will let you do the following:
auto account create
auto account update
SSO/Authentication
Ref: http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_01001.html#topic_3E0C669FED234015B187A02AAB5E0E6B
CWMS also uses its own reverse proxy for all access through the internet. Refer to the link below:
http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_010.html#reference_5791517C7230406DAC9CE1E9D079F375
-Terry
Please rate all helpful posts
08-20-2015 02:52 AM
Thank you Terry,
that clears the WebEx part. Hopefully someone knows for TMS as well.
Christian
10-03-2016 06:16 AM
Could still use an answer to if AD LDS will work with TMS. That is still an unknown and an issue I am running into today.